Generic On-Line/Off-Line Threshold Signatures

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3958)


We present generic on-line/off-line threshold signatures, in which the bulk of signature computation can take place “off-line” during lulls in service requests [6]. Such precomputation can help systems using threshold signatures quickly respond to requests. For example, tests of the Pond distributed file system showed that computation of a threshold RSA signature consumes roughly 86% of the time required to service writes to small files [12]. We apply the “hash-sign-switch” paradigm of Shamir and Tauman [16] and the distributed key generation protocol of Gennaro et al. [7] to convert any existing secure threshold digital signature scheme into a threshold on-line/off-line signature scheme. We show that the straightforward attempt at proving security of the resulting construction runs into a subtlety that does not arise for Shamir and Tauman’s construction. We resolve the subtlety and prove our signature scheme secure against a static adversary in the partially synchronous communication model under the one-more-discrete-logarithm assumption [2]. The on-line phase of our scheme is efficient: computing a signature takes one round of communication and a few modular multiplications in the common case.
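The "hash-sign-switch" idea the abstract builds on, as an added single-signer sketch (not code from the paper): the expensive signature is computed off-line over a chameleon hash of random values, and the on-line step uses the trapdoor to find a collision for the real message. The toy group, the discrete-log chameleon hash, the Schnorr stand-in for the underlying scheme and all function names are assumptions; the paper's threshold protocol and distributed key generation are not modelled.

```python
import hashlib, secrets

# Toy group (assumption, far too small for real use): P = 2Q + 1, G has prime order Q.
P, Q, G = 2039, 1019, 4

def H(*parts):
    """Hash arbitrary values to an exponent in Z_Q."""
    data = b"|".join(str(x).encode() for x in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def ch(hk, m, r):
    """Discrete-log chameleon hash CH(m, r) = G^m * hk^r mod P."""
    return pow(G, m, P) * pow(hk, r, P) % P

def keygen():
    x = secrets.randbelow(Q - 1) + 1    # chameleon-hash trapdoor, hk = G^x
    sk = secrets.randbelow(Q - 1) + 1   # key of the underlying (Schnorr) scheme
    priv = {"x_inv": pow(x, -1, Q), "sk": sk}
    return priv, {"hk": pow(G, x, P), "vk": pow(G, sk, P)}

def schnorr_sign(sk, c):
    k = secrets.randbelow(Q - 1) + 1
    R = pow(G, k, P)
    return R, (k + H(R, c) * sk) % Q

def schnorr_verify(vk, c, sig):
    R, s = sig
    return pow(G, s, P) == R * pow(vk, H(R, c), P) % P

def sign_offline(priv, pub):
    """Expensive part, run before any message exists: sign CH(m0, r0) for random m0, r0."""
    m0, r0 = secrets.randbelow(Q), secrets.randbelow(Q)
    return {"m0": m0, "r0": r0, "sigma": schnorr_sign(priv["sk"], ch(pub["hk"], m0, r0))}

def sign_online(priv, token, msg):
    """Cheap part: solve m + x*r = m0 + x*r0 (mod Q) for r, one multiplication."""
    if "r0" not in token:
        raise ValueError("off-line token already used")
    # Single use only: two signatures from one token form a collision that reveals x.
    r = (token.pop("r0") + (token["m0"] - H(msg)) * priv["x_inv"]) % Q
    return token["sigma"], r

def verify(pub, msg, sig):
    sigma, r = sig
    return schnorr_verify(pub["vk"], ch(pub["hk"], H(msg), r), sigma)
```
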


Keywords: On-line/Off-line Signature Schemes; Threshold Cryptography; Chameleon Hash Functions; Bursty Traffic


References

  1. Baker, M.G., Hartman, J.H., Kupfer, M.D., Shirriff, K.W., Ousterhout, J.K.: Measurements of a Distributed File System. In: Proceedings of 13th ACM Symposium on Operating Systems Principles. Association for Computing Machinery SIGOPS, pp. 198–212 (1991)
  2. Bellare, M., Namprempre, C., Pointcheval, D., Semanko, M.: The One-More-RSA-Inversion Problems and the Security of Chaum’s Blind Signature Scheme. Journal of Cryptology 16(3), 185–215 (2003)
  3. Chaum, D., Pedersen, T.P.: Wallet Databases with Observers. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 89–105. Springer, Heidelberg (1992)
  4. Damgård, I., Dupont, K.: Efficient Threshold RSA Signatures with General Moduli and No Extra Assumptions. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 346–361. Springer, Heidelberg (2005)
  5. Desmedt, Y., Frankel, Y.: Threshold Cryptosystems. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 307–315. Springer, Heidelberg (1989)
  6. Even, S., Goldreich, O., Micali, S.: On-Line/Off-Line Digital Schemes. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 263–275. Springer, Heidelberg (1989)
  7. Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Secure Distributed Key Generation for Discrete Logarithm Cryptosystems. Journal of Cryptology (to appear)
  8. Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Robust Threshold DSS Signatures. Inf. Comput. 164(1), 54–84 (2001)
  9. Krawczyk, H., Rabin, T.: Chameleon Signatures. In: Proceedings of the Network and Distributed System Security Symposium, pp. 143–154 (2000)
  10. Kubiatowicz, J., Bindel, D., Chen, Y., Czerwinski, S., Eaton, P., Geels, D., Gummadi, R., Rhea, S., Weatherspoon, H., Weimer, W., Wells, C., Zhao, B.: OceanStore: An Architecture for Global-Scale Persistent Storage. In: Proceedings of ACM Architectural Support for Programming Languages and Operating Systems (November 2000)
  11. Merkle, R.: Protocols for Public Key Cryptosystems. In: IEEE Symposium on Security and Privacy, April 1980, pp. 122–134 (1980)
  12. Rhea, S., Eaton, P., Geels, D., Weatherspoon, H., Zhao, B., Kubiatowicz, J.: Pond: The OceanStore Prototype. In: Proceedings of the Conference on File and Storage Technologies, USENIX (2003)
  13. Rhea, S., Kubiatowicz, J.: The OceanStore Write Path (June 2002)
  14. Rosenblum, M., Ousterhout, J.K.: The Design and Implementation of a Log-Structured File System. ACM Transactions on Computer Systems 10, 26–52 (1992)
  15. Ruemmler, C., Wilkes, J.: UNIX Disk Access Patterns. In: USENIX Winter 1993 Conference Proceedings (January 1993)
  16. Shamir, A., Tauman, Y.: Improved Online/Offline Signature Schemes. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 355–367. Springer, Heidelberg (2001)
  17. Shoup, V.: Practical Threshold Signatures. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 207–220. Springer, Heidelberg (2000)
  18. Wong, C.K., Lam, S.S.: Digital Signatures for Flows and Multicasts. IEEE/ACM Trans. Netw. 7(4), 502–513 (1999)
  19. Xu, Z., Zhu, Y., Min, R., Hu, Y.: Achieving Better Load Balance in Distributed Storage System. In: International Conference on Parallel and Distributed Processing Techniques and Applications (June 2002)
  20. Zhou, L., Schneider, F.B., van Renesse, R.: COCA: A Secure Distributed Online Certification Authority. ACM Trans. Computer Systems 20(4), 329–368 (2002)

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  1. University of California, Berkeley, USA
